Session key recovery system and method
First Claim
1. A key recovery system by which a key recovery agent recovers a session key used to encrypt a message, comprising:
- means for the key recovery agent to replay a recorded communication between the sender of the message and an authentication server, said session key having been generated with assistance of said authentication server during said communication;
- means for the key recovery agent to request the authentication server to assist in recovering the session key for use by the key recovery agent to decrypt said message, said authentication server thereupon recovering the session key from said recorded communication by recreating a process by which the session key was originally generated utilizing secret information accessible only by the authentication server;
- means for the authentication server to authenticate said request by the key recovery agent to assist in recovering the session key; and
- means for transmitting said session key from the authentication server to the key recovery agent in order to decrypt said message.
Abstract
A system and method for providing access to an encrypted communication involves recording the session during which the communication is encrypted, replaying the session to recover data used to recover a session key, accessing a server to retrieve secret information also used to generate the session key, and recreating the session key using the recovered data and secret information. The system and method include provision for authenticating parties to the key recovery, protecting communications required to retrieve the secret key, and establishing a record of the key recovery to serve as an audit trail.
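The abstract describes the mechanism in four moves: the sender's key exchange with an authentication server is recorded; the key recovery agent replays that recording to the server; the server re-derives the session key from the replayed values plus a secret only it holds; and the request is authenticated and logged. The following simulation is an added example written for this page, not code from the patent or any product. It assumes the session key is an HMAC of the recorded public transcript under the server's master secret (so a replay of the transcript is enough to recreate it), that the key is delivered to the sender over a protected channel outside the demo, that the recovery agent authenticates with a credential shared with the server, and it uses a constructed XOR keystream only to show the recovered key decrypting the message.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets


def canonical(record: dict) -> bytes:
    """Deterministic byte encoding of a transcript so both sides hash the same thing."""
    return json.dumps(record, sort_keys=True).encode()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Constructed toy cipher for the demo only: XOR with SHA-256(key || counter) blocks.
    It is symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + (offset // 32).to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


class AuthenticationServer:
    """Holds the secret information accessible only by the server, plus an audit log."""

    def __init__(self) -> None:
        self._master_secret = secrets.token_bytes(32)   # never leaves the server
        self._agent_credentials: dict[str, bytes] = {}  # recovery agent id -> shared secret (assumption)
        self.audit_log: list[dict] = []

    def register_recovery_agent(self, agent_id: str, credential: bytes) -> None:
        self._agent_credentials[agent_id] = credential

    def _derive_session_key(self, transcript: dict) -> bytes:
        # The session key is a PRF of the *recorded* public values under the server's
        # secret; that is what makes it re-creatable from a replay of the recording.
        return hmac.new(self._master_secret, canonical(transcript), hashlib.sha256).digest()

    def key_exchange(self, client_id: str, client_nonce: str) -> tuple[dict, bytes]:
        """Sender <-> server exchange. Returns the transcript the sender records and the
        session key (assumed delivered to the sender over a protected channel)."""
        transcript = {"client_id": client_id, "client_nonce": client_nonce,
                      "server_nonce": secrets.token_hex(16)}
        return transcript, self._derive_session_key(transcript)

    def recover_session_key(self, agent_id: str, transcript: dict, proof: bytes) -> bytes:
        """Authenticate the recovery request, recreate the key from the replayed
        transcript, and record the recovery as the audit trail."""
        credential = self._agent_credentials.get(agent_id)
        if credential is None:
            raise PermissionError(f"unknown key recovery agent {agent_id!r}")
        expected = hmac.new(credential, canonical(transcript), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            raise PermissionError("recovery request failed authentication")
        self.audit_log.append({"agent": agent_id, "client_id": transcript["client_id"],
                               "server_nonce": transcript["server_nonce"]})
        return self._derive_session_key(transcript)


class KeyRecoveryAgent:
    def __init__(self, agent_id: str, credential: bytes) -> None:
        self.agent_id, self.credential = agent_id, credential

    def recover(self, server: AuthenticationServer, transcript: dict, ciphertext: bytes) -> bytes:
        """Replay the recorded exchange, prove identity to the server, decrypt the message."""
        proof = hmac.new(self.credential, canonical(transcript), hashlib.sha256).digest()
        session_key = server.recover_session_key(self.agent_id, transcript, proof)
        return stream_xor(session_key, ciphertext)


def run_demo(plaintext: bytes = b"constructed sample message") -> dict:
    server = AuthenticationServer()
    agent_credential = secrets.token_bytes(32)
    server.register_recovery_agent("agent-1", agent_credential)

    # 1. The sender obtains a session key with the server's help and records the exchange.
    transcript, session_key = server.key_exchange("alice", secrets.token_hex(16))
    ciphertext = stream_xor(session_key, plaintext)

    # 2. Later, the authorised agent replays the recording and the server recreates the key.
    agent = KeyRecoveryAgent("agent-1", agent_credential)
    recovered_plaintext = agent.recover(server, transcript, ciphertext)

    # 3. A party holding the same recording but no valid credential is refused and not logged.
    impostor = KeyRecoveryAgent("agent-1", secrets.token_bytes(32))
    try:
        impostor.recover(server, transcript, ciphertext)
        impostor_rejected = False
    except PermissionError:
        impostor_rejected = True

    return {"plaintext": recovered_plaintext, "impostor_rejected": impostor_rejected,
            "audit_entries": len(server.audit_log)}


if __name__ == "__main__":
    print(run_demo())
```

The design choice worth noticing is that the recording alone is useless without the server: the transcript contains only nonces and identifiers, and recovery depends on the master secret the server never releases, which is why the authentication and audit steps in the claims sit on the server side.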
Citations: 174
Claims (31)
1. A key recovery system by which a key recovery agent recovers a session key used to encrypt a message, comprising:
- means for the key recovery agent to replay a recorded communication between the sender of the message and an authentication server, said session key having been generated with assistance of said authentication server during said communication;
- means for the key recovery agent to request the authentication server to assist in recovering the session key for use by the key recovery agent to decrypt said message, said authentication server thereupon recovering the session key from said recorded communication by recreating a process by which the session key was originally generated utilizing secret information accessible only by the authentication server;
- means for the authentication server to authenticate said request by the key recovery agent to assist in recovering the session key; and
- means for transmitting said session key from the authentication server to the key recovery agent in order to decrypt said message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 23, 25, 26, 27, 28
12. A key recovery method in which a key recovery agent recovers a session key used to encrypt a message, comprising the steps of:
- replaying, at the key recovery agent, a recorded communication between a sender of the message and an authentication server, said session key having been generated with assistance of the authentication server during said communication;
- requesting, by the key recovery agent, the authentication server to assist in recovering the session key, said authentication server thereupon recovering the session key from said recorded communication by re-creating a process by which said session key was originally generated utilizing secret information accessible only by the authentication server;
- authenticating, at the authentication server, said request by the key recovery agent to assist in recovering the session key; and
- transmitting said session key from the authentication server to the key recovery agent in order to decrypt said message.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 29, 30, 31
Specification